Teenager claims to find code flaw in Gmail
- — 03 March, 2006 08:11
A teenage blogger claims to have discovered a flaw in Google's Gmail service that allows JavaScript to run, potentially allowing a malicious hacker to gather e-mail addresses or compromise an account. The supposed flaw may already have been fixed, however.
The teenager identifies himself in his blog as a 14-year-old named Anthony. His entry about Gmail is at http://ph3rny.blogspot.com/2006/03/vulnerability-in-gmail.html.
He wrote that he was trying to e-mail JavaScript code from a Yahoo account to a G-mail account. The code will run in a preview pane, he wrote. But if the code is mailed from one Gmail account to another, it is filtered out, he said.
Some visitors to the blog reported being able to replicate the findings, but others said later that they were not able to and that the supposed flaw had been fixed. Google representatives in London could not immediately comment, saying the report would be forwarded to their technical staff.
